Skip to main content

Backend production-grade

Clean Architecture with a 4-layer approach, multi-layered security and disciplined migrations: the actual backend stack I use in production, not a tutorial.

2Thematic clusters11Series96Articles

Backend production-grade means Clean Architecture with a 4-layer defense enforced by ArchUnit rules in CI, not a diagram on a slide: dependency arrow toward the domain, irreversible Flyway migrations handled with discipline, JWT with real revocation on Redis. The stack described here runs in production on Spring Boot today, not in a tutorial.

Depth/Details

Software Architecture

Security and DevOps

Frequently Asked Questions

What backend stack is used in production?

Spring Boot 3.4 on Java 21, Clean Architecture at 4 layers (domain/application/infrastructure/presentation), PostgreSQL 16 and Redis Stack 7, with over 90 documented REST endpoints via Swagger.

How do you ensure that the architecture does not deteriorate over time?

Rules enforced by ArchUnit in CI block the build if a layer violates the dependency arrow towards the domain: the architecture defends itself alone, not dependent on who writes the next commit.

How do you manage API security?

JWT owner with HS256 signing, denylist for revocation on Redis, rate limiting per endpoint (Bucket4j), CORS whitelist and protection against SSRF on internal service calls.

Do you also offer consulting on existing Spring Boot architectures?

Yes: architecture audit, refactoring to Clean Architecture and securing existing Spring Boot systems in production with a focus on real risk generation.